HTTP Headers Analysis for https://jamf.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=63072000; includeSubDomains;

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

keep-alive

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

5 headers

Age

Caching

51892

Cache-Control

Caching

max-age=0, s-maxage=2592000, must-revalidate

Expires

Caching

Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified

Caching

Thu, 20 Nov 2025 11:59:16 GMT

Pragma

Caching

no-cache

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

Apache/2.4.65 (Debian)

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

WWWBALANCEID=a88124c86ec67017; path=/

Other Headers

8 headers

Content-Security-Policy-Report-Only

Other

default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint

Date

Other

Thu, 20 Nov 2025 12:07:25 GMT

Link

Other

<https://hello.myfonts.net>; rel=dns-prefetch, <https://media.jamf.com>; rel=dns-prefetch; preconnect, </css/main.css?v=20251119143327>; rel=preload; as=style, </js/jamf-critical.min.js?v=20251119143327>; rel=preload; as=script, <https://media.jamf.com/type/inter-regular.woff2>; rel=preload; as=font; crossorigin; type="font/woff2", <https://media.jamf.com/type/inter-bold.woff2>; rel=preload; as=font; crossorigin; type="font/woff2", <https://media.jamf.com/type/jcon_6372353d58f40790101470a75b02ecf2.woff>; crossorigin; type="font/woff"

Report-To

Other

{'group': 'csp-endpoint', 'max_age': 10886400, 'url': '/csp-violation-report-endpoint.php'}

Via

Other

1.1 f762d56afc88f7f52f51da3b63ad4658.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

SMxBB9TFwubyY-S377mMs3zAen8hkN2J5TMp4KXnFJgYk3FQEAm-BQ==

X-Amz-Cf-Pop

Other

IAD50-C2